Non-intrusive background synchronization when authentication is required

ABSTRACT

A non-modal notification user interface element is displayed persistently but unobtrusively such that a user may easily determine that authentication credentials are required by a background synchronization process. The non-modal notification is configured such that it may be ignored by the user such that their workflow is not interrupted. The background synchronization continues to synchronize the data it can even though the background synchronization may require authentication credentials for a subset of the data to be synchronized. The user may select the non-modal notification user interface element at any point in time in order to supply the required authentication credentials. The non-modal notification is removed from the display when there are no further authentication credentials required.

RELATED APPLICATIONS

This application is a continuation of and claims priority to applicationSer. No. 11/360,155, filed Feb. 23, 2006, entitled NON-INTRUSIVEBACKGROUND SYNCHRONIZATION WHEN AUTHENTICATION IS REQUIRED, issued asU.S. Pat. No. 7,877,797, incorporated herein by reference

BACKGROUND

Applications that require authentication when synchronizing datagenerally follow one of three models. The first model prompts the userto enter authentication credentials whenever authentication is required.The second model requires the user to save authentication credentialssomewhere with the client application such that the application canhandle authentication tasks without prompting the user. The third modelsimply fails and does not synchronize the data if authentication isrequired. None of these models is desirable. The first model can be veryannoying and intrusive to the users workflow if background synchronizingis frequent. The second model may have security concerns since passwordsare being saved. The third model results in the user not having datathat is synchronized.

SUMMARY

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used as an aid in determining the scope of the claimed subjectmatter.

When authentication is required a notification user interface element isdisplayed persistently but unobtrusively such that a user is notifiedthat at least one authentication credential is required by a backgroundsynchronization process. This notification element is displayed suchthat it may be ignored by the user and does not interfere with theuser's workflow. The background synchronization process continues toattempt to synchronize data even when the notification element isdisplayed. The user may select the notification element at any point inorder to supply one or more of the required authentication credentials.The notification element is removed from the display when there are nofurther authentication credentials required.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an exemplary computing device;

FIG. 2 shows a background synchronization system;

FIG. 3 illustrates an exemplary application window with a notificationelement;

FIG. 4 shows another exemplary application window with various areas todisplay a notification element;

FIG. 5 illustrates displaying a notification element as a result of anauthentication error; and

FIG. 6 illustrates a process for interacting with a notification elementthat is displayed as a result of an authentication error.

DETAILED DESCRIPTION

Referring now to the drawings, in which like numerals represent likeelements, various embodiment will be described. In particular, FIG. 1and the corresponding discussion are intended to provide a brief,general description of a suitable computing environment in whichembodiments may be implemented.

Generally, program modules include routines, programs, components, datastructures, and other types of structures that perform particular tasksor implement particular abstract data types. Other computer systemconfigurations may also be used, including hand-held devices,multiprocessor systems, microprocessor-based or programmable consumerelectronics, minicomputers, mainframe computers, and the like.Distributed computing environments may also be used where tasks areperformed by remote processing devices that are linked through acommunications network. In a distributed computing environment, programmodules may be located in both local and remote memory storage devices.

Referring now to FIG. 1, an illustrative computer architecture for acomputer 100 utilized in the various embodiments will be described. Thecomputer architecture shown in FIG. 1 may be configured as a desktop ormobile computer and includes a central processing unit 5 (“CPU”), asystem memory 7, including a random access memory 9 (“RAM”) and aread-only memory (“ROM”) 11, and a system bus 12 that couples the memoryto the CPU 5. A basic input/output system containing the basic routinesthat help to transfer information between elements within the computer,such as during startup, is stored in the ROM 11. The computer 100further includes a mass storage device 14 for storing an operatingsystem 16, application programs, and other program modules, which willbe described in greater detail below.

The mass storage device 14 is connected to the CPU 5 through a massstorage controller (not shown) connected to the bus 12. The mass storagedevice 14 and its associated computer-readable media providenon-volatile storage for the computer 100. Although the description ofcomputer-readable media contained herein refers to a mass storagedevice, such as a hard disk or CD-ROM drive, the computer-readable mediacan be any available media that can be accessed by the computer 100.

By way of example, and not limitation, computer-readable media maycomprise computer storage media and communication media. Computerstorage media includes volatile and non-volatile, removable andnon-removable media implemented in any method or technology for storageof information such as computer-readable instructions, data structures,program modules or other data. Computer storage media includes, but isnot limited to, RAM, ROM, EPROM, EEPROM, flash memory or other solidstate memory technology, CD-ROM, digital versatile disks (“DVD”), orother optical storage, magnetic cassettes, magnetic tape, magnetic diskstorage or other magnetic storage devices, or any other medium which canbe used to store the desired information and which can be accessed bythe computer 100.

According to various embodiments, computer 100 may operate in anetworked environment using logical connections to remote computersthrough a network 18, such as the Internet. The computer 100 may connectto the network 18 through a network interface unit 20 connected to thebus 12. The network connection may be wireless and/or wired. The networkinterface unit 20 may also be utilized to connect to other types ofnetworks and remote computer systems. The computer 100 may also includean input/output controller 22 for receiving and processing input from anumber of other devices, including a keyboard, mouse, or electronicstylus (not shown in FIG. 1). Similarly, an input/output controller 22may provide output to a display screen 28, a printer, or other type ofoutput device.

As mentioned briefly above, a number of program modules and data filesmay be stored in the mass storage device 14 and RAM 9 of the computer100, including an operating system 16 suitable for controlling theoperation of a networked personal computer, such as the WINDOWS XPoperating system from MICROSOFT CORPORATION of Redmond, Wash. The massstorage device 14 and RAM 9 may also store one or more program modules.In particular, the mass storage device 14 and the RAM 9 may store anapplication program 10. The application program 10 is operative toprovide background synchronization of data. According to one embodiment,the application program 10 comprises the MICROSOFT ONENOTE applicationprogram from MICROSOFT CORPORATION. Other application programs thatutilize background synchronization from other manufacturers may also beutilized. For instance, email programs, desktop publishing programs,presentation programs, and any other type of program that provides forbackground synchronization may be utilized.

The application program 10 may utilize a background synchronizationmanager 26. Although background synchronization manager 26 is shownseparate from application program 10, it may be included withinapplication program 10. As will be described in greater detail below,the background synchronization manager 26 may be used to assist indetermining when the synchronization requires authentication credentialsas well as persistently, but unobtrusively, displaying a notificationelement 30 when authentication credentials are required by thesynchronization process.

FIG. 2 shows a background synchronization system 200. As illustrated,background synchronization system 200 includes application program 10,background synchronization manager 26, synchronization authenticationfailure queue 240, servers 210 and 212, data sets (214, 216, 218, 220and 222), display 28 and notification element 30.

As described briefly above, the background synchronization manager 26provides background synchronization services for application 10. Whileapplication program 10 is asynchronously synchronizing data in thebackground it may not be able to authenticate against a server or unlocka data set without authentication credentials. As illustrated in system200, application program 10 is configured to synchronize data sets 214,216 and 218 through server 210 and data sets 220 and 222 through server212. For exemplary purposes, the background synchronization of data set214 through server 210 and the background synchronization of data set222 through server 212 failed due to an authentication error. Anauthentication error occurs when the server requires authenticationcredentials that were either not supplied or are invalid. For example,an authentication error occurs when no authentication credentials aresupplied to access a data set that requires a user name and a password.The authentication credentials may comprise one or more credentials. Forinstance, a single password may be required, a password and a user namemay be required, and the like.

When application program 10 attempts to connect to a server (e.g. server210 and/or 212) to synchronize data, the notification element 30 isdisplayed when the data to be synchronized fails due to anauthentication error. Notification element 30 notifies the user thatthey need to enter authentication credentials (e.g. a password) tosuccessfully synchronize the data that is protected by theauthentication credentials. The notification element 30 is displayedunobtrusively, but persistently, such that the user's work flow is notinterrupted. According to one embodiment, notification element 30 isdisplayed within an information bar at the top of an application windowwithin display 28. According to one embodiment, the notification element30 is a non-modal user interface element that is persistently displayeduntil there are no further authentication credentials required.According to one embodiment, the user may select the notificationelement 30. When selected, one or more authentication dialogs isdisplayed to receive the authentication credentials from the user.Should all of the required authentication credentials be enteredcorrectly, the notification element 30 is removed from display 28.

Synchronization authentication error queue 240 is configured to storethe outstanding authentication errors. Each time an authentication erroroccurs and an authentication error is received by application program10, queue 240 is updated with the error. Whenever the authenticationerror queue has one or more authentication errors the backgroundsynchronization manager 26 displays the notification element 30 ondisplay 28. According to one embodiment, the same message is displayedwithin notification element 30 regardless of the number ofauthentication errors. Keeping the message constant within notificationelement 30 helps to ensure that the message is unobtrusive and does notinterfere with the user's workflow. Alternatively, the message may bechanged. For example, the message may indicate the number ofauthentication errors and/or the number of authentication credentialsthat are required.

Each time that application 10 fails a background synchronization of adata set due to one or more required authentication credentials thatwere not provided or were incorrect, queue 240 is updated. If the errorwas a server authentication error then background synchronizationmanager 26 checks to see if an error for the data associated with theserver has already been entered into queue 240. If an authenticationerror already exists for this data in queue 240 then the authenticationerror is not added to the queue 240. If the authentication error has notbeen previously received, then the authentication error is placed inqueue 240. When authentication succeeds against a server, and there isan authentication error in the queue due to a previous error, then thaterror is removed from the queue.

According to one embodiment, when a server temporarily goes offline, asindicated by link 262, any authentication errors that may exist in queue240 that relate to the offline server are removed from the queue. In thepresent example, any authentication errors relating to server 212 wouldbe removed from queue 240 when link 262 is broken. The authenticationerrors are removed since the user can not correct any authenticationerrors relating to that server until the server comes back online. Whenthe server is available again, any authentication errors that occur areadded to the queue again.

When the user selects the notification element 30, the backgroundsynchronization manager 26 accesses queue 240 to determine theauthentication failures to present to the user for correction. Accordingto one embodiment, each authentication error is handled one at a time.In other words, the user is presented with an input box to enter theauthentication credentials that are required for each error. Accordingto another embodiment, an input box may be displayed to the user thatcombines input fields for entering authentication credentials for morethan one of the authentication errors.

FIG. 3 illustrates an exemplary application window 300 with anotification element. As illustrated, FIG. 3 includes application window310, window elements 320, display area 330 and notification element 350that includes message 340.

According to one embodiment, notification element 350 is displayed atthe top of the display area 330 of the application window 310.Displaying the notification element 350 at the top of display area 330helps to ensure that the user will notice the message 340 indicatingthat authentication credentials are required to synchronize data.Message 340 indicates that at least one authentication credential isrequired to synchronize data. Message 340 also indicates that the usermay select the notification element 350 in order to enter the requiredauthentication credentials.

FIG. 4 shows another exemplary application window 400 with various areasto display a notification element. As illustrated, FIG. 4 includesapplication window 310, window elements 320, display area 330 andnotification element display areas 410, 412, 414, 416 and 418 fordisplaying a notification element that indicates that authenticationcredentials are required. The notification element may be shown in manyareas of display area 330 including the title bar (412), the upperportion (410), the lower portion (412), the right hand side (416) andthe left hand side (414) of display area 330. Other locations may bechosen such that the user may easily determine that authenticationcredentials are required.

Referring now to FIGS. 5 and 6, an illustrative process for providing anotification element will be described. Although the embodimentsdescribed herein are presented in the context of a backgroundsynchronization manager 26 and an application program 10, other types ofapplication programs that use background synchronization requiringauthentication credentials may be utilized. For instance, theembodiments described herein may be utilized within an email program, aweb browser program, and the like.

When reading the discussion of the routines presented herein, it shouldbe appreciated that the logical operations of various embodiments areimplemented (1) as a sequence of computer implemented acts or programmodules running on a computing system and/or (2) as interconnectedmachine logic circuits or circuit modules within the computing system.The implementation is a matter of choice dependent on the performancerequirements of the computing system implementing the invention.Accordingly, the logical operations illustrated and making up theembodiments described herein are referred to variously as operations,structural devices, acts or modules. These operations, structuraldevices, acts and modules may be implemented in software, in firmware,in special purpose digital logic, and any combination thereof.

FIG. 5 illustrates displaying a notification element as a result of anauthentication error.

After a start operation, the process flows to operation 510, where thebackground synchronization process attempts to access data that is to besynchronized.

Flowing to decision operation 520, a determination is made as to whetherthere was an authentication error as a result of attempting to accessthe data at operation 510. When there is not an authentication error,the process flows to operation 530 where the synchronization processcontinues.

When there is an authentication error, the process moves to operation540 where the authentication error is added to an authentication errorqueue. According to one embodiment, the authentication error is onlyadded to the queue if the authentication error is a new authenticationerror that is not currently in the queue. Additionally, instead ofplacing the authentication error within a queue, the error may be storedin some other manner. For example, the authentication error may bemaintained somewhere in memory, within a file, and the like.

The process then moves to operation 550 where the notification elementis displayed persistently but unobtrusively. A notification element isdisplayed as long as the queue contains any authentication errors.

The process then moves to an end operation and returns to processingother actions.

FIG. 6 illustrates a process for interacting with a notification elementthat is displayed as a result of an authentication error.

After a start operation, the process flows to operation 610, where thenotification element is monitored for selection. According to oneembodiment, this involves determining when the notification elementreceives a mouse click. Any type of selection of the notificationelement, however, may be utilized.

Flowing to decision operation 620, a determination is made as to whetherthe notification element is selected. When the notification element isnot selected, the process returns to operation 610 for continuedmonitoring.

When the notification element is selected, the process moves tooperation 630 where one or more user interface elements are displayed toreceive the required authentication credentials.

The process then moves to decision operation 640 where a determinationis made as to whether all of the required authentication credentialshave been received. When all of the authentication credentials have notbeen received, the notification element continues to be displayed andthe process moves to an end operation.

When all of the authentication credentials have been received, theprocess moves to operation 650 where the notification element is removedfrom the display.

The process then moves to an end operation and returns to processingother actions.

The above specification, examples and data provide a completedescription of the manufacture and use of the composition of theinvention. Since many embodiments of the invention can be made withoutdeparting from the spirit and scope of the invention, the inventionresides in the claims hereinafter appended.

What is claimed is:
 1. A method for non-intrusive backgroundsynchronization, comprising: performing a background synchronization ofdata sets relating to a user; while performing the backgroundsynchronization of data sets, determining when an authentication errorrelating to an authentication credential for the user is received inresponse to an attempt to synchronize any of the data sets; in responseto receiving the authentication error, displaying a non-modalnotification element indicating that information is required for thebackground synchronization to synchronize the data relating to the anyof the data sets receiving the authentication error; stopping thebackground synchronization of the data relating to the any of the datasets receiving the authentication error while continuing the backgroundsynchronization process for synchronizing the other data sets notreceiving the authentication error; and in response to receiving aselection of the non-modal notification element and receiving theinformation to address the authentication error, resuming the backgroundsynchronization of the data relating to the any of the data setsreceiving the authentication error.
 2. The method of claim 1, whereinthe information identifies the authentication credential.
 3. The methodof claim 1, further comprising storing the authentication error within aqueue.
 4. The method of claim 3, further comprising storing theauthentication error within the queue until an authentication credentialis received and is verified.
 5. The method of claim 3, furthercomprising removing the authentication error from the queue when aserver used in synchronizing the one of the data sets for which theauthentication error becomes unavailable.
 6. The method of claim 3,wherein storing the authentication error within the queue comprisesdetermining when the authentication error has been previously received.7. The method of claim 5, wherein the background synchronization of thedata sets is performed at least two servers, wherein at least one of thedata sets is synchronized by a first server and at least another one ofthe data sets is synchronized by a second server.
 8. The method of claim1, wherein displaying the non-modal notification element comprisesdisplaying the non-modal notification element within an applicationwindow that is currently displayed.
 9. The method of claim 1, furthercomprising monitoring the non-modal notification element for a selectionand displaying a user interface element that is configured to receivethe authentication credential when the non-modal notification element isselected.
 10. A computer-readable medium having computer-executableinstructions encoded on a memory for non-intrusive backgroundsynchronization, comprising: performing a background synchronization ofdata sets associated with a user; determining when an authenticationerror is received in response to an attempt to synchronize one of thedata sets; displaying a non-modal notification element indicating thatan authentication credential is required for the backgroundsynchronization to synchronize the one of the data sets; stopping thebackground synchronization of the one of the data sets until informationis received to resolve the authentication error while continuing thebackground synchronization process for synchronizing the other data setsnot receiving the authentication error that are associated with theuser; and in response to receiving a selection of the non-modalnotification element and receiving the information to address theauthentication error, resuming the background synchronization of the oneof the data sets.
 11. The computer-readable medium of claim 10, furthercomprising storing the authentication error within a queue until anauthentication credential is received and is verified.
 12. Thecomputer-readable medium of claim 11, further comprising removing theauthentication error from the queue when a server used in synchronizingthe one of the data sets for which the authentication error becomesunavailable.
 13. The computer-readable medium of claim 11, whereinstoring the authentication error within the queue comprises determiningwhen the authentication error has been previously received.
 14. Thecomputer-readable medium of claim 10, wherein the backgroundsynchronization of the data sets is performed at least two servers,wherein at least one of the data sets is synchronized by a first serverand at least another one of the data sets is synchronized by a secondserver.
 15. The computer-readable medium of claim 10, wherein displayingthe non-modal notification element comprises displaying the non-modalnotification element within an application window that is currentlydisplayed.
 16. The computer-readable medium of claim 10, furthercomprising monitoring the non-modal notification element for a selectionand displaying a user interface element that is configured to receivethe authentication credential when the non-modal notification element isselected.
 17. A system for non-intrusive background synchronization,comprising: a processor and a computer-readable medium; an operatingenvironment stored on the computer-readable medium and executing on theprocessor; a display; and an application operating under the control ofthe operating environment and operative to perform actions, including:performing a background synchronization of data sets associated with auser; determining when an authentication error is received in responseto an attempt to synchronize one of the data sets; storing theauthentication error in a storage; displaying a non-modal notificationelement on the display indicating that an authentication credential isrequired for the background synchronization to synchronize the one ofthe data sets; stopping the background synchronization of the one of thedata sets until information is received to resolve the authenticationerror at which point the background synchronization of the one of thedata sets continues; and continuing the background synchronizationprocess for synchronizing the other data sets not receiving theauthentication error.
 18. The system of claim 17, further comprisingremoving the authentication error from storage when a server used insynchronizing the one of the data sets for which the authenticationerror becomes unavailable.
 19. The system of claim 17, whereindisplaying the non-modal notification element comprises displaying thenon-modal notification element within an application window that iscurrently displayed.
 20. The system of claim 17, further comprisingmonitoring the non-modal notification element for a selection anddisplaying a user interface element that is configured to receive theauthentication credential when the non-modal notification element isselected.